× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: dfb6a732af0b962771f5a84cd14eb0057fa7c63e9622ec08433db3abaada09ff
File name: gtbasic.dll
Detection ratio: 50 / 66
Analysis date: 2018-01-08 08:45:26 UTC ( 1 week, 3 days ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.12706112 20180108
AegisLab Filerepmalware.Gen!c 20180108
AhnLab-V3 Trojan/Win32.Emotet.R216766 20180107
ALYac Trojan.Agent.Emotet 20180108
Antiy-AVL Trojan/Win32.TSGeneric 20180108
Arcabit Trojan.Generic.DC1E140 20180108
Avast Win32:Malware-gen 20180108
AVG Win32:Malware-gen 20180108
Avira (no cloud) TR/Crypt.ZPACK.oqqok 20180108
AVware Trojan.Win32.Generic!BT 20180103
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180108
BitDefender Trojan.GenericKD.12706112 20180108
CAT-QuickHeal Trojan.Dovs 20180108
ClamAV Win.Trojan.Emotet-6409744-0 20180108
Comodo UnclassifiedMalware 20180108
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20171016
Cybereason malicious.9335df 20171103
Cylance Unsafe 20180108
Cyren W32/Trojan.ZYWI-3803 20180108
eGambit Unsafe.AI_Score_97% 20180108
Emsisoft Trojan.GenericKD.12706112 (B) 20180108
Endgame malicious (high confidence) 20171130
ESET-NOD32 a variant of Win32/Kryptik.GAZE 20180108
F-Secure Trojan.GenericKD.12706112 20180108
Fortinet W32/Kryptik.FZTF!tr 20180108
GData Win32.Trojan-Spy.Emotet.IP 20180108
Ikarus Trojan-Banker.Emotet 20180107
K7AntiVirus Trojan ( 00521c821 ) 20180108
K7GW Trojan ( 00521c821 ) 20180108
Kaspersky Trojan.Win32.Dovs.epw 20180108
Malwarebytes Trojan.Emotet 20180108
MAX malware (ai score=99) 20180108
McAfee Emotet-FCY! 20180102
McAfee-GW-Edition BehavesLike.Win32.Ramnit.cm 20180108
Microsoft Trojan:Win32/Emotet.T 20180108
eScan Trojan.GenericKD.12706112 20180108
NANO-Antivirus Trojan.Win32.Dovs.ewmfov 20180108
Palo Alto Networks (Known Signatures) generic.ml 20180108
Panda Generic Malware 20180107
Rising Trojan.Kryptik!8.8 (TFE:2:r0T0Apd0pPK) 20180106
SentinelOne (Static ML) static engine - malicious 20171224
Sophos AV Mal/EncPk-ANR 20180108
Symantec Trojan.Gen.2 20180108
Tencent Suspicious.Heuristic.Gen.b.0 20180108
TrendMicro TROJ_GEN.R002C0RLS17 20180108
TrendMicro-HouseCall TSPY_HPEMOTET.SMF1 20180108
VIPRE Trojan.Win32.Generic!BT 20180108
ViRobot Trojan.Win32.Z.Emotet.200704.D 20180108
Webroot W32.Adware.Gen 20180108
ZoneAlarm by Check Point Trojan.Win32.Dovs.epw 20180108
Alibaba 20180108
Avast-Mobile 20180108
Bkav 20180106
CMC 20180108
DrWeb 20180108
F-Prot 20180108
Sophos ML 20170914
Jiangmin 20180108
Kingsoft 20180108
nProtect 20180108
Qihoo-360 20180108
SUPERAntiSpyware 20180108
TheHacker 20180103
Trustlook 20180108
VBA32 20180105
Yandex 20171229
Zillya 20180105
Zoner 20180108
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright (c) 1999-2006 by PHaX

Product GT2
Original name gtbasic.dll
Internal name gtbasic.dll
File version 0.35
Description General purpose library.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-12-28 00:00:08
Entry Point 0x00001B40
Number of sections 8
PE sections
PE imports
CryptDestroyKey
RegEnumKeyW
LookupPrivilegeNameA
CryptUnregisterDefaultOIDFunction
CreatePatternBrush
CreateBitmap
DeleteObject
GetRandomRgn
GetThreadPriority
GetConsoleOutputCP
lstrcmpA
GetSystemDefaultUILanguage
ReadFile
TlsGetValue
Sleep
GetSystemWow64DirectoryA
GetVersion
SetComputerNameA
MprConfigGetGuidName
UuidToStringW
SetupGetLineCountW
SHRegQueryInfoUSKeyW
PathIsDirectoryW
GetWindowLongA
SetTimer
IsWindow
GetOpenClipboardWindow
GetSubMenu
AdjustWindowRect
AnyPopup
GetClientRect
GetForegroundWindow
GetWindowPlacement
MessageBoxA
GetSystemMenu
GetWindowTextA
SetWindowTextA
SetWindowPos
timeGetSystemTime
midiOutClose
DeviceCapabilitiesW
SCardReconnect
StgOpenStorageOnILockBytes
Number of PE resources by type
RT_STRING 114
RT_VERSION 1
Number of PE resources by language
ENGLISH UK 115
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
5.0

InitializedDataSize
184320

ImageVersion
0.0

ProductName
GT2

FileVersionNumber
0.35.0.0

UninitializedDataSize
0

LanguageCode
German

FileFlagsMask
0x003f

CharacterSet
Windows, Latin1

LinkerVersion
12.15

FileTypeExtension
exe

OriginalFileName
gtbasic.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright (c) 1999-2006 by PHaX

FileVersion
0.35

TimeStamp
2017:12:28 01:00:08+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
gtbasic.dll

ProductVersion
0.35

FileDescription
General purpose library.

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
http://philip.helger.com/gt/

CodeSize
0

FileSubtype
0

ProductVersionNumber
0.35.0.0

EntryPoint
0x1b40

ObjectFileType
Dynamic link library

Comment
http://philip.helger.com/gt/

Compressed bundles
File identification
MD5 fbee363b64902c42108b8b3f921dc228
SHA1 e7314da9335df28164c5fefae7016872fbeed220
SHA256 dfb6a732af0b962771f5a84cd14eb0057fa7c63e9622ec08433db3abaada09ff
ssdeep
3072:fE/0j/VB1W/84GTUJuZExZAEiZ8A3Gcnne26rsHsu:fE/0j/j1WUlwJZI

authentihash ca8761b2580beb74cfed6dd98e41b80565288f4233bd1d679f9881839bec6c47
imphash 0679572e267a1f6d9d65467b4632b4a1
File size 196.0 KB ( 200704 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Tags
peexe

VirusTotal metadata
First submission 2017-12-27 15:09:07 UTC ( 3 weeks, 1 day ago )
Last submission 2017-12-28 20:05:13 UTC ( 3 weeks ago )
File names audiosearch.exe
2017-12-27-Emotet-shedulecart.exe
gtbasic.dll
Emotet-shedulecart.exe
msiservice.exe
25880056.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
UDP communications